Week 11, Week 13. The scenario.

School of Engineering Construction and Design
Department of Professional Practice
Security Man & Governance (BIT361)
Semester 2 2017

BIT309 Security Management Assignment

Due Dates: Week 11, Week 13.

The scenario

SoftSolutions is an Australian company that has been operating for several years, developing software solutions for other companies. The team of programmers has grown from 4 to 25 within the past 3 years. SoftSolutions has successfully delivered on a rapid series of smaller tasks, including developing AutoIt and Microsoft Office macros to automate office tasks, updating and creating Web sites, and setting up small databases. They have built strong relationships with a number of clients and benefit greatly from repeat business. The owners anticipate continued rapid growth and are planning to launch into mobile app development.

The company is run by a husband and wife team – Tim and Catherine. They have recently committed to buying out another business – TransACT. TransACT employs 20 people and they will be absorbed by SoftSolutions in the new year, when the handover will finally take place. They have been providing similar services and have a similarly loyal customer base. They also provide remote helpdesk support.

Tim and Catherine can foresee a time in the near future where they employ over 100 people. They would be mostly IT experts, but also, at a minimum, 4 consultants/sales people, a human resources officer, an office manager, a receptionist, and a finance officer.

You have very recently been hired to solve an area of concern to the owners – information security. You have been given the title of Information Security Manager and will be working by yourself, knowing that you can rely on Tim, Catherine, and Jason (the networking expert and senior programmer) for advice and assistance. In fact, it is Catherine that has initiated your hiring and she encountered a little resistance from Tim.
Tim would actually prefer continuing with the current approach for the time being. That approach has been one without a formal policy where security has been built in an ad-hoc, piecemeal manner. They would both say that the current policy has worked well enough up to now, thanks to the knowledge and expertise within the team. Catherine would like to have Tim more onside with the structured and formal approach that you will bring.

In an attempt to get that support, Catherine has asked you to begin your role with SoftSolutions by developing a report that discusses how you will go about managing the information security of the company. While this will be a report about general principles, she would also like you to demonstrate the benefits of your approach by developing a specific plan for one issue. Tim and Catherine are both concerned about the implications of bringing 20 people from TransACT onboard and she would like to include a Risk Management Plan for that process. You have decided your Risk Management Plan will include recommendations based on a Cost-Benefit Analysis.

Your Goal

Produce a report of 2000 words (plus or minus 250 words) addressing the following:

✓ Discuss the fit of your formal approach to security to the company’s values and the role it would play in IT governance in general
✓ List the threats, vulnerabilities, and attacks that your formal plan would manage.
✓ Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring
✓ Discuss the development of a Security Policy, including a methodology and the reason for having a policy
✓ Explain the benefits a Risk Management Plan can bring to a company and the steps you would go through to build one. Include the CBA mentioned above and a discussion on Contingency Planning
✓ Discuss the benefits derived from seeing Security Management as an ongoing process

Other relevant information

The SoftSolutions Mission Statement:

We believe in building long-term partnerships with our clients, using the latest technology and reliable systems to invent software solutions that enhance the customer experience and provide a long-term sustainable competitive advantage. It is through building trust and common understanding that we will be able to achieve successful outcomes.

Hardware and Software

Much of the current work is done using laptops, programming on the road and at location within other businesses. All employees have their own desktop computer. Company supplied tablets and phones are becoming more popular. The company is running without print or file servers. All networking is via Wi-Fi. All data is backed up to Amazon’s Cloud. The remote desktop support arm is anticipated to operate largely via the TeamViewer software, Skype, and phone calls.

You can envision other hardware, software, and information/data management procedures as you deem appropriate.

Submission Instructions

You can work alone or in pairs.

Submissions should be in 2 parts:

Week 11, before midnight Friday: Draft Report – 10%
Week 13, before midnight Friday: Final Report – 30%

Both reports must include the following:

• Assignment Cover Page. Use the cover sheet provided. Include the Title, Assignment number, Student Names and IDs, Subject.
• Microsoft Word “Cover Page”. Include the name of the report, who it has been prepared for, and the author(s)
• Table of contents
• Executive summary (1 paragraph)
• Body (Numerous headings and text at the writer’s discretion)
• A sign-off page
• References/Bibliography.
Also, Appendices for any other document you think could usefully be included.

Your submission must be compatible with the software in Melbourne Polytechnic’s computer Laboratories/Classrooms. A .docx file is preferred.

Marking Criteria

A note on Plagiarism

The final report will be submitted via the plagiarism checker Turnitin. All sources must be properly acknowledged with Harvard references and in-text citations. Failure to do either is regarded as plagiarism and the minimum penalty for plagiarism is failure for the assignment. Use quotations and paraphrasing appropriately as copying large chunks and not supplying a reference will at best result in zero marks as you have not contributed to the report. The act of giving your assignment to another student is also classified as a plagiarism offence.

Late submission of assignments will be penalised as follows:

• For assignments 1 to 5 days late, a penalty of 10% (of total available marks) per day.
• Assignments more than 5 days late will be capped at a maximum mark of 50%

Marking Rubric

Grade and Mark

• HD: 80%+
• D: 70%-79%
• CR: 60%-69%
• P: 50%-59%
• Fail: < 50%

Analysis

• HD: Logic is clear and easy to follow with strong arguments
• D: Consistent, logical and convincing
• CR: Mostly consistent and convincing
• P: Adequate cohesion and conviction
• Fail: Argument is confused and disjointed

Effort, Difficulties, Challenges

• HD: The presented solution demonstrated a commanding knowledge of all subject matter and applied it throughout
• D: The presented solution demonstrated a strong grasp of the key concepts and applied the knowledge well.
• CR: The presented solution demonstrated sound grasp on the subject matter and developed a reasonable plan
• P: The presented solution demonstrated a limited grasp of the key concepts and submitted incomplete work
• Fail: The presented solution demonstrated a poor grasp of the subject matter and limited effort.

Explanation, Justification

• HD: All elements are present and well-integrated.
• D: Components present with good cohesion
• CR: Components present and mostly well integrated
• P: Most components present
• Fail: Lacks structure.

Reference style

• HD: Clear styles with excellent source of references.
• D: Clear referencing/style
• CR: Generally good referencing/style
• P: Unclear referencing/style
• Fail: Lacks consistency with many errors

Presentation

• HD: Proper writing. Professionally presented
• D: Properly spoken, with some minor deficiencies
• CR: Mostly good, but some structure or presentation problems
• P: Acceptable presentation
• Fail: Poor structure, careless presentation
